Navy.gif/owncast
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Require auth middleware only on GET requests

Browse Source
This commit is contained in:
Gabe Kangas 2022-06-05 22:46:46 -07:00
parent 26eebf47d5
commit d6814b516a
No known key found for this signature in database
GPG Key ID: 9A56337728BC81EA
2 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
controllers/auth/indieauth/server.go
View File

@ -6,13 +6,16 @@ import (
ia "github.com/owncast/owncast/auth/indieauth"
"github.com/owncast/owncast/controllers"
"github.com/owncast/owncast/router/middleware"
)
// HandleAuthEndpoint will handle the IndieAuth auth endpoint.
func HandleAuthEndpoint(w http.ResponseWriter, r *http.Request) {
if r.Method == http.MethodGet {
// Require the GET request for IndieAuth to be behind admin login.
handleAuthEndpointGet(w, r)
f := middleware.RequireAdminAuth(handleAuthEndpointGet)
f(w, r)
return
} else if r.Method == http.MethodPost {
handleAuthEndpointPost(w, r)
} else {

2
router/router.go
View File

@ -356,7 +356,7 @@ func Start() error {
// Start auth flow
http.HandleFunc("/api/auth/indieauth", middleware.RequireUserAccessToken(indieauth.StartAuthFlow))
http.HandleFunc("/api/auth/indieauth/callback", indieauth.HandleRedirect)
http.HandleFunc("/api/auth/provider/indieauth", middleware.RequireAdminAuth(indieauth.HandleAuthEndpoint))
http.HandleFunc("/api/auth/provider/indieauth", indieauth.HandleAuthEndpoint)
http.HandleFunc("/api/auth/fediverse", middleware.RequireUserAccessToken(fediverseauth.RegisterFediverseOTPRequest))
http.HandleFunc("/api/auth/fediverse/verify", fediverseauth.VerifyFediverseOTPRequest)